05-14-2004, 06:49 AM
|
|
Member
|
|
Join Date: Dec 2003
Location: Brittany / France / Europe
Posts: 31
|
|
Quote:
|
Originally Posted by mistwang
I still couldn't believe name based SSL vhost possible.
|
They are not. Squid associates (ip,port) to certs, as can do LSWS or Apache directly. The exposed configuration allows to centralize all certs in case the backends are on remote machines. In that case, the link between proxy and backend is not (necessary) crypted.
The alternate port solution is not even an alternative to multiple IPs if your clients are corporate : firewalls usually do not allow alternatives to 443. |